Each control system has a unique timing fingerprint that arises from its combination of CPU speed, load, memory, and additional protocols.

About

Background: Supervisory control and data acquisition (SCADA) systems are used across many industrial control system (ICS) applications, including building automation, oil and gas distribution, national power plants, water, sewage, and even traffic lights. A security breach within a critical SCADA system might lead to very tragic consequences. In the past few years, attacks on SCADA systems have negatively impacted water, nuclear, and power plant systems. Present security technologies rely on techniques that are susceptible to packet forgery and are therefore unreliable. Hence, a more robust technique that could quickly detect attacks, and subsequently pre-empt serious damage, would be very desirable.

Technology: Researchers at Georgia Tech have developed a fingerprinting technique that can provide intrusion detection for critical infrastructure networks. The invention uses a passive device to monitor network transmission control protocol (TCP) information. The novel fingerprinting technique is based upon the difference between TCP-level acknowledgments and control system application-level responses. Specifically, it measures the length of time between when the TCP layer acknowledges that the Read request packet was received and when the application layer sends the Response. Each system has a unique timing fingerprint that arises from its combination of CPU speed, load, memory, and additional protocols. If an intrusion occurs, it will change the system's Read-Response time. Real-time analysis is performed to detect when a change to the system has occurred.

Potential Commercial Applications: The invention can provide extra security for any control system that uses SCADA architecture. Overall, by 2020 the SCADA market is forecasted to be over $11B. Many government infrastructure projects and industries employ SCADA technologies, including utility, oil and gas, waste treatment facility, chemical plants, manufacturing, telecom, etc.

Benefits/Advantages:

  • Non-intrusively determines a fingerprint for industrial control systems (ICS)
  • In a TCP layer, the length of time to send and receive signals is passively measured
  • Control systems have a unique timing fingerprint that arises from their combination of CPU speed, load, memory, and additional protocols
  • Changes to the system can be identified in real time
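The measurement described under Technology, as an added example that is not Georgia Tech's implementation: it pairs each device's TCP acknowledgment with its application-layer response in a constructed packet trace and flags a shift in the resulting delay. The record format, the device name `plc-1`, the sample timings, and the median/MAD threshold are assumptions made for illustration.

```python
from statistics import median

def cross_layer_times(packets):
    """Per-device delays (s) between the TCP ACK of a read request and the
    application-layer response, from passively captured records.
    packets: (timestamp, device, kind) tuples, already classified as
    "request" (to the device), "ack" or "response" (from the device).
    """
    awaiting, ack_seen, delays = set(), {}, {}
    for ts, device, kind in sorted(packets):
        if kind == "request":
            awaiting.add(device)
            ack_seen.pop(device, None)       # drop any stale ACK time
        elif kind == "ack" and device in awaiting:
            ack_seen.setdefault(device, ts)  # keep the first ACK only
        elif kind == "response":
            awaiting.discard(device)
            # A response piggybacked on the ACK has no separate ACK time
            # and yields no sample.
            if device in ack_seen:
                delays.setdefault(device, []).append(ts - ack_seen.pop(device))
    return delays

def build_baseline(samples):
    """Fingerprint as (median, median absolute deviation) of known-good delays."""
    med = median(samples)
    return med, median([abs(s - med) for s in samples])

def changed(baseline, window, k=5.0):
    """True when the window median sits more than k MADs from the baseline."""
    med, mad = baseline
    return abs(median(window) - med) > k * max(mad, 1e-6)

def make_trace(device, delays, period=1.0):
    """Constructed capture: one read per period, ACK 0.2 ms after the request."""
    pkts = []
    for i, d in enumerate(delays):
        t = i * period
        pkts += [(t, device, "request"), (t + 0.0002, device, "ack"),
                 (t + 0.0002 + d, device, "response")]
    return pkts

# Constructed timings in seconds, not measurements from a real device.
NORMAL = [0.0041, 0.0043, 0.0040, 0.0042, 0.0044, 0.0041, 0.0042, 0.0043]
SHIFTED = [0.0068, 0.0071, 0.0069, 0.0070]

if __name__ == "__main__":
    base = build_baseline(cross_layer_times(make_trace("plc-1", NORMAL))["plc-1"])
    print(changed(base, NORMAL[:4]), changed(base, SHIFTED))
```

Because both timestamps come from the same device and the same capture point, the subtraction removes the network path from the sample, leaving the device's own processing time.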
